Anonymous claims DNS attacks against Symantec, Apple, Microsoft
Anonymous Sri Lanka says that it breached the DNS servers of several major companies, including Symantec, Apple, Facebook, Skype, and Cisco.
The Sri Lankan branch of Anonymous claims to have hacked into the DNS servers of Symantec, Apple, Facebook, Microsoft, and several other large organizations over the past few days.
Posting the news and records of its exploits on Pastebin, the group is taking credit for launching "DNS Cache Snoop Poisoning" attacks against its victims.
DNS cache snooping is the process whereby hackers can query a DNS server to find out which domain names are being resolved into IP addresses.
is a method through which hackers are able to insert malicious and fake records into the cache of DNS servers. As a result, the hackers can then spoof a response to a DNS query, forcing users to go to a phony Web site instead of the real one.
Since DNS, or domain name system, servers maintain the records that assign domain names to IP addresses, attacks against them are especially alarming since they can compromise part of the very foundation of the Internet.
The information posted on Pastebin by Anonymous Sri Lanka shows that the group was able to scan and in some cases expose the DNS information of the companies it targeted, according to Cyber War News. But there's no indication that the hackers were able to modify any of the DNS records that they touched.
In the record of its DNS attack against Symantec, Anonymous Sri Lanka boasts that it breached the "world's second-largest software (antivirus) leader/giant" and says that it captured almost the entire DNS pool, including the company's corporate customers, production servers, and testbeds. The group touted the same DNS Cache Snoop Poisoning attacks against Facebook, Skype, Apple, Cisco, Microsoft, and Novell.
Beyond its attacks against several major tech companies, Anonymous Sri Lanka has also claimed DNS hacks against several groups and agencies in Sri Lanka, including the nation's Parliament, military, and largest telecom provider.
The group tried to justify its actions in some of its comments.
Lashing out at Facebook, Anonymous Sri Lanka said that the way the social network controls and treats its members is not acceptable under any circumstances. Explaining its attack against Skype, the group claimed that the online video service is "eavesdropping the entire VoIP traffic at several nodes for sure."
The attacks appear to have started on August 22 against the Sri Lankan telecom provider and continued on into yesterday with the attack against Skype.
Responding to a request for comment, a spokesman for Symantec sent CNET the following statement:
"Symantec is one of the most visible targets in the world for cyberattacks on a daily basis. We do not delineate the identity of individuals or organizations who may or may not be the source of said attacks. We monitor our networks closely on a 24/7 basis and have not detected any inordinate or suspicious rates of traffic or activity. To date, we have found no evidence that any of our business critical servers have been breached or that any information on our networks belonging to Symantec or our customers has been exposed. We take these scenarios very seriously and will continue to monitor the situation closely to ensure that there are no further attempts to compromise the system and to ensure that any customer information remains protected."
A Microsoft representative told CNET: "Microsoft is aware that a list of various Microsoft-owned server names has been posted to a public Web site. We are investigating claims of a potential threat to those servers, but have seen no evidence that this is true. We will continue to monitor network traffic and activity to ensure that customers and critical assets remain protected."
A Skype representative told CNET that the company's chief security officer has found no evidence of any attack and that it seems all Anonymous Sri Lanka did was "ping" the DNS server.
Requests for information from Facebook and Apple were not immediately returned.
Updated at 10:15 a.m. PT with statement from Symantec and at 4:30 a.m. PT September 1 with responses from Microsoft and Skype.